Secure memory implementation for secure execution of virtual machines

ABSTRACT

Secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is inverted. If the real address is in the secure memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

This invention was made with government support under Contract No. BAA11-02 awarded by Department of Homeland Security, Science and TechnologyDirectorate, Cyber Security Division; and under Contract No.FA8750-12-2-043 awarded by Air Force Research Laboratory InformationDirectorate. The government has certain rights to this invention.

FIELD OF THE INVENTION

The present invention relates generally to the field of Virtual Machines(VMs), and more particularly improving security of Virtual Machines(VMs) running under control of a hypervisor.

SUMMARY

Embodiments of the present invention provide systems, methods, andcomputer program products for secure memory implementation for secureexecution of virtual machines. Data is processed in a first mode and asecond mode, and commands are sent to a chip interconnect bus using realaddresses; wherein the chip interconnect bus includes a number of bitsfor the real addresses; wherein the chip interconnect bus is larger thana number of bits needed for a maximum memory range supported by thecomputer system; wherein a first portion of the bits for real addresseswhich are not in the range of the supported maximum memory range is usedto indicate whether to operate in the first mode or the second modecreating a memory address hole. A memory controller is operativelycoupled to a memory component. A secure memory range is specified byusing range registers. Responsive to determining that the real addressis detected to be in the secure memory range to match a memory componentaddress, a real address bit is inverted. Responsive to determining thatthe real address is in the secure memory address hole, a security accessviolation is detected. Responsive to determining that the real addressis not in the secure address range and the real address bit is set, thesecurity access violation is detected.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a data processing system, in accordancewith an embodiment of the present invention;

FIG. 2 is a block diagram of a processor chip, in accordance with anembodiment of the present invention;

FIG. 3 is a block diagram illustrating allocation of secure memory, inaccordance with an embodiment of the present invention;

FIG. 4 is a block diagram of logic additions to a memory controller forsecure memory allocation, in accordance with an embodiment of thepresent invention;

FIG. 5 is a block diagram of a Base Address Register (BAR), inaccordance with an embodiment of the present invention;

FIG. 6 is a block diagram of the circuitry added to each bus master, inaccordance with an embodiment of the present invention;

FIG. 7 is a block diagram illustrating how a real address bit definingsecure memory may depend on system configuration, in accordance with anembodiment of the present invention;

FIG. 8 is a block diagram of internal and external components of thecomputer system of FIG. 1, in accordance with an embodiment of thepresent invention;

FIG. 9 depicts a cloud computing environment, in accordance with anembodiment of the present invention; and

FIG. 10 depicts abstraction model layers, in accordance with anembodiment of the present invention.

DETAILED DESCRIPTION

In cloud computing environments, Cloud Service Providers (CSPs) maymanage customer applications using system software to provide servicesincluding access to system resources. CSP-managed software typically hascomplete control over customer application data. An operating system(OS) or a hypervisor may access and/or modify the customer applicationdata. Additionally, security features implemented in a user space of acustomer application may be tampered with by an OS or hypervisor withoutbeing detected. Typically, CSP-managed software is part of a trustedcomputing base. Customers may be required to trust that entities, whichdevelop, deploy and control CSP-managed software, are not malicious.Additionally, customers may be required to trust that the CSP-managedsoftware is secure against attacks which may compromise theconfidentiality and integrity of the customer applications and thecustomer application data. Accordingly, customers and the CSP may berequired to negotiate service agreements to achieve regulatorycompliance, thereby ensuring that security and privacy requirements aremet with respect to the customer application data.

Large and disparate teams of software developers may write many lines ofsoftware code to develop CSP-managed software including a hypervisor.Members of these teams may be responsible for isolating executables, inaddition to Virtual Machines (VMs), from other members in order toprotect sensitive information. In some instances, the members themselvesmay be exposed to potential security vulnerabilities. Accordingly, aSecure Memory Facility (SMF) is implemented to provide protection thatis independent of the security of the entire CSP infrastructure. Forexample, the SMF provides secure isolation of VMs. In this embodiment,the SMF is implemented in hardware of a data processing system as wellas a trusted software and firmware component. When this SMF is active,the hardware and firmware components making up the SMF are referred toas an “ultravisor,” or alternatively, operating in an ultravisor mode.

In one embodiment, the SMF protects data (e.g., physical pages and otherdata) in memory (e.g., registers, cache, etc.) associated with securevirtual machines (SVMs) from being accessed by other softwareapplications operating in other SVMs. Additionally, the SMF may protectdata in memory associated with SVMs from software applications executedby a hypervisor and other software applications operating in VMs. Forexample, if a system software accesses a secured physical page, then anSMF may handle access to the secured physical page while protecting thesecured physical page's integrity and confidentiality, regardless ofwhether a corresponding SVM is executing or resting. In this example,even a privileged attacker, such as a malicious or compromisedhypervisor, may not access an SVM's memory pages, and thus not modifyand/or tamper with customer application data or software code withoutdetection.

In another embodiment, an SMF ensures that no unintended state of an SVMleaks to a hypervisor which attempts to access the SVM's secure memory,by preventing, or restricting, the hypervisor from accessing the SVM'ssecure memory. Furthermore, an SMF-enabled hardware may handleultravisor and hypervisor interrupts, such that the ultravisor maysecurely save the SVM's registers into secure memory and clear the SVM'sregister content. Additionally, all secure data, including customerapplication data stored in secure memory, is still protected from accessby the hypervisor upon a context switch. The ultravisor may encrypt asecure memory page and store the secure memory page in an encryptedformat in memory, accessible by the hypervisor in instances where thehypervisor performs tasks, such as paging to disk storage. To return tothe SVM after a context switch, a hypervisor may call the ultravisorexplicitly, via a “ucall” or in another embodiment the SMF hardware mayforce the entrance of the ultravisor state, thereby enabling theultravisor to securely restore the SVM's registers before returning toSVM execution.

Embodiments of the present invention provide methods, systems, andcomputer program products for preventing access to secure memory by ahypervisor and VMs and other chip interconnect bus slaves like I/O andaccelerators like GPUs, connected directly (e.g., DMA engines) orindirectly (e.g., opencapi connected) to the chip interconnect bus.

FIG. 1 is a block diagram of data processing system 100, in accordancewith an embodiment of the present invention. Data processing system 100includes operating system 110, firmware 120, hardware 130, SVM 140, andVM 150. In one embodiment, components of data processing system 100 maybe interconnected via a network (not depicted) for example, a local areanetwork (LAN), a wide area network (WAN) such as the Internet, or acombination of the two, and include wired, wireless, or fiber opticconnections. Data processing system 100 may be a desktop computer,laptop computer, specialized computer server, or any other computersystem known in the art. In certain embodiments, data processing system100 may represent computer systems utilizing clustered computers andcomponents to act as a single pool of seamless resources when accessedthrough a network. For example, such embodiments may be used in datacenter, cloud computing, storage area network (SAN), wide area network(WAN), and network attached storage (NAS) applications. In general, thecomputing systems described herein are representative of any electronicdevice, or combination of electronic devices, capable of executingmachine-readable program instructions, in accordance with an embodimentof the present invention, as described in greater detail with regard toFIG. 9. In this embodiment, data processing system 100 is implemented invarious cloud computing environments, as described in greater detailwith regard to FIGS. 10 and 11.

Hypervisor 110 represents a system software, such as a virtual machinemonitor (VMM) configured to manage, create, and execute SVM 140 and VM150. Hypervisor 110 is an untrusted system software component.Furthermore, hypervisor 110 is part of one security domain, along withVM 150 (i.e., virtual machines that are not protected by SMF securitycapabilities).

Firmware 120 represents a trusted system software component configuredto provide control, monitor and manipulate data executed by trustedhardware 130. In this embodiment, firmware 120 manages a second securitydomain, referred to as a secure memory domain. Furthermore, each SVM 140is assigned to the secure memory domain. Firmware 120 operates in anultravisor mode, which is a privilege level above hypervisor 110 mode.In the ultravisor mode, firmware 120 is configured to control theregular partition scoped address translation mechanism, along withhardware 130 for maintain separation between the two security domains.Additionally, firmware 120 is configured to maintain separation of eachSVM 140 within the secure memory domain.

Hardware 130 mechanisms may be used to invoke firmware 120 whenever atransition between the two security domains occurs, thus enablingfirmware 120 to assure that the state of a process in one securitydomain is properly isolated from the state of a process in the othersecurity domain.

Subsystems of data processing system 100 (not depicted) may interactwith data processing system 100 memory independently of hardware 130components, such as a processor. These subsystems may be modified suchthat all untrusted devices (e.g., Input/Output (I/O) devices) cannotaccess the secure memory domain. Subsystem data which is secure may beencrypted in the non-secure memory domain. Furthermore, firmware 120operating in an ultravisor state may read the encrypted data and decryptthe data, at the storage operation, into the secure memory domain.Similarly, secure data in the secure memory domain may be encrypted andmay have a secure hash added before being stored in hypervisor 110/VM150 memory domain. The encrypted data can thereafter be paged out byhypervisor 110 to disk storage. Accordingly, data and state informationrelated to SVM 140 will not be in a clear text format outside the securememory domain and is integrity protected by the secure hash.

Hardware 130 represents hardware components for data processing system100. In this embodiment, an SW-enabled processor is included in hardware130 and has a set of asymmetric keys and may have associated symmetrickeys that are used for protecting the secure data handled by SVM 140.

SVM 140 is similar to VM 150, but is packaged for SMF with secure datawhich is encrypted with a public SMF key of a target processor. Aprivate SMF key may be protected by a Trusted Platform Module (TPM) andbecomes available only when the correct firmware 120 is loaded duringboot. In this embodiment, a trusted entity that manufactures anddistributes the SMF-enabled processors issues certificates for theirpublic keys.

The descriptions of the various embodiments of the present inventionhave been presented for the purposes of illustration, but are notintended to be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the describedembodiments. The terminology used herein was chosen to best explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of ordinary skill in the art to understand the embodimentsdisclosed herein.

FIG. 2 is a block diagram of processor chip 200, in accordance with anembodiment of the present invention. In this embodiment, memorycontrollers (MCs) 204A and 204B are operatively coupled to directattached memory 214 (e.g., DRAM chips) and/or a memory buffer chip.Furthermore, MCs 204C and 204D is operatively coupled to memory buffer216 as intermediate to provide large size memories.

MCs 204A-D are inside processor chip 200 and are operatively coupled tochip interconnect 206. In this embodiment, chip interconnect 206 is abus structure that connects all other devices on processor chip 200 andsupports coherence. For example, many different blocks may be connectedto the bus of chip interconnect 206, such as L3 208 caches, withassociated connected L2 210 caches, and processor core 212, as well asall other devices such as coherent accelerators (capi), PCIe links, highspeed links for SMP coherence, etc. Programs executed on processor core212 may use effective addresses, and address translation is performed byprocessor core 212 to generate a physical real addresses for transporton the chip interconnect 206 bus.

FIG. 3 is a block diagram illustrating allocation of secure memory306A-B in system 300, in accordance with an embodiment of the presentinvention. In this embodiment, larger address ranges of the real addressRA[8 . . . 63] are transported on chip interconnect 308 bus. The 55 bitswide RA[8 . . . 63] real address enables to address 36 petabytes, whichis much larger as the total size of each MC 310 connected memory (e.g.,DRAM, DIMMS, memory buffer chips, etc.) that system 300 supports. Tospecify secure memory 306A, a bit position referred to as “x” of RA[8 .. . 63] will distinguish between secure memory 306A and normal memory302A on the chip interconnect 308 bus, as well as for all blocksconnected to the bus. In this embodiment, the x bit is in an addressrange that is above the maximum memory size supported by system 300.Furthermore, a predefined range of memory that system 300 supports isselected for which the x bit will be set. This selection of an addressrange for secure memory may be performed for each MC 310 with itsconnected memory (e.g., DRAM, DIMMS, memory buffer chips, etc.)individually.

Address hole 304 is defined in the normal memory range on the chipinterconnect 308 bus and the secure memory 306A is allocated in thecorresponding memory range with RA[x]=1. In this embodiment, if the RAaddress is in the secure memory 306A valid range, then MC 310 will resetthe RA[x] bit before addressing direct attached memory 312 (DIMMs) ormemory buffer chips (not depicted). Subsequently, secure data will beread by the Direct Attached Memory 312 from the RA[x]=0 associatedaddress and by MC 310 sent to the chip interconnect 308 bus. In the sameway, secure data may be written by the Direct Attached Memory 312 at theRA[x]=0 associated address. In this manner, MC 310 may be extended witha small circuit as will be show, as described in greater detail withrespect to FIG. 6., and all other MC 310 logic may stay the same. Inanother embodiment, if a device attempts to access address hole 304(RA[x]=0) using a RA address on chip interconnect 308 bus thatcorresponds to the secure memory 306B range of direct attached memory312 (e.g., DIMMs), then MC 310 may detect a secure access violation andmay not access the data on direct attached memory 312.

FIG. 4 is a block diagram of logic additions to a memory controller forsecure memory allocation, in accordance with an embodiment of thepresent invention. In this embodiment, real address bits RA[8 . . . x−1,x+1 . . . 63] 416 and RA[x] 418 are part of the chip interconnect bus.In this embodiment, one of the real address (RA) bits is referred to asRA[x] 418, where “x” is the bit which is selected for distinguishingbetween the secure memory and the normal memory range. The bit “x” willbe selected such that it is an address bit which is above the range ofmemory actually supported by the data processor system.

In this embodiment, maximum address configuration register 402 of thememory controller is added, such that maximum address configurationregister 402 is set to the maximum real address of the secure memoryrange. Furthermore, minimum address configuration register 404 of thememory controller is added, and is set for the particular memorycontroller to the minimum real address of the secure memory range. Thewrite address of configuration registers 402 and 404 is setup at boottime to be into the Secure Memory RA[x]=1 space. Therefore, the minaddress and max address stored in configuration registers 402 and 404are protected from modification by chip interconnect bus commands sendby untrusted blocks as the untrusted blocks are enhanced such that onlycommands with send RA[x]=0 addresses can be send the chip interconnectbus. Trusted blocks connected to chip interconnect bus 308 may set theRA[x] bit and therefore are able to reconfigure configuration registers402 and 404. The secure memory data needs to be erased or encryptedbefore the secure memory is reallocated to normal memory. In anotherembodiment, configuration registers 402 and 404 are protected by makingthem scan only. For example, scanning of new data into configurationregisters 402 and 404 may only be performed by trusted hardware engines,such as a boot engine or power management engine. Furthermore, duringthe next to boot time configuration registers 402 and 404 may bereconfigured by trusted hardware engines, as long as the secure memorydata is erased before the secure memory is reallocated to normal memory.

Maximum address configuration register 402 and minimum addressconfiguration register 404 are connected to comparator (<=) 406 andcomparator (>=) 408, respectively, which detect whether the RA is in thesecure memory range. In this embodiment, bit RA[x] 418 is not compared,and is used to identify a match for the address hole (i.e., RA[x]=0) aswell as the secure memory range (i.e., RA[x]=1) when the RA is betweenthe maximum and minimum value. In one embodiment, lower order bits ofconfiguration registers 402 and 404 may be masked (not depicted) to notbe taken into account into the compare according to the size of thesecure memory range. In another embodiment, RA[x] may be taken intoaccount and there may be separate comparators for detection of theaddress hole and the secure memory range.

In the embodiment of FIG. 4, if the RA is in the secure memory range orcorresponds to the address hole, since RA[x] 418 is not part of thecompare, the outputs of comparators 406 and 408 are set to 1 and the ANDgate 410 will report a hit by the AND output set to 1. Furthermore,RA[x] 418 bit is inverted by XOR 412 before sending the addressRA_DIMM[x] 420 along with the other address bits 426 to the memorycontroller attached DIMMs. In this instance, the hit represents securememory 306A the RA_DIMM[x] 420 signal will be set to 0 and DIMM data isread or written. Otherwise if the hit represents the address hole 304the RA_DIMM[x] 420 signal will be set to 1 and the address is outsidethe supported system memory range. No DIMM data is read or written. Ifno hit is reported the AND 410 output is set to 0. Accordingly, the XOR412 output is set to same value as the RA[x] 418 input. With no hit andRA[x] 418 set to 0, normal memory may need to be accessed at the DIMMS.With RA[x] 418 set to 1, the address will be secure memory but outsidethe address range configured by the local MC configuration registers 402and 404. In this case the secure memory attached to another MC with itsown configuration registers may hit and read or write the data from thememory attached to the MC with matching configuration registers. Inanother embodiment, RA[x] 418 is set to a value of 0 and the output ofNOT 422 is set to 1 as being the inverted input of RA[x] 418. If thereis a hit with RA[x] 418 is 0 (e.g., a load/store addressing normalmemory, but configuration registers 402 and 404 do match the memoryrange setup for the particular memory controller) then the addressmatches the address hole 304. Then the output of AND gate 414 reportssecurity access violation 424. As RA_DIMM[x] 420 is set to 1 (addressoutside the system supported memory range) accordingly, no data isreturned or stored.

FIG. 5 is a block diagram of a Base Address Register (BAR), inaccordance with an embodiment of the present invention. In thisembodiment, chip interconnect bus 508 is operatively coupled to busslaves 502A-B and bus masters 514. Bus masters 514 may initiatecommands, such as load and stores on the bus. Bus slave 502A comparesthe real address of the commands, via block 506, on bus 508 and based onthe address BAR configuration register 504 and determines whether busslave 502A executes and responds with an acknowledge to the command. Thesame compare is done by all other Bus slaves. In a typical system setup,only a single bus slave may have a matching address BAR configurationvalue to the command address field and accordingly a single acknowledgeis send as a response to the command.

If the address matches and acknowledge is sent back to bus 508, thencorresponding data may be executed, stored or loaded by bus slave 502Aaccording to the requesting command. If the RA[x] corresponding bit isset to 1 in Address BAR configuration register 504, then it is protectedfrom modification by commands initiated by untrusted master states. Asthe RA[x] bit cannot be set by an untrusted master, no ‘ack’ will besend as the RA[x] bit corresponding bit in the Address BAR configurationregister 504 will never match. Therefore, the setting of the RA[x] to 1or 0 provides a process to specify if bus slave 502 responds to commandsindicated as secure by setting the RA[x] bit, or only responds tocommands with RA[x]=0. In this embodiment, no hardware components aremodified, instead the setting of the RA[x] bit in address BARconfiguration register 504 will determine whether an acknowledge willoccur.

If bus slave 502A is required to respond to both types of commands, thenaddress BAR configuration register 504 may be duplicated and depend onthe hit different execution flows may be triggered storing the data insecure memory or normal memory. In this embodiment, bus masters 514initiate the commands and associated RAs, and are enhanced with logicsetting the RA[x] bit. For example, the cores may force the RA[x] bit tobe set to 0 if the command is issued in a hypervisor state. In the coreultravisor state RA[x] can be set to 0 and 1 and in ultravisor state thecore may access secure memory and Bus Slaves with the RA[x] bit set to 1in the matching address bar configuration register 504. In thisembodiment, other components, such as PHB 512 with access to I/O may notbe trusted and is always required to write into normal memory.

FIG. 6 is a block diagram of the circuitry added to bus master 606, inaccordance with an embodiment of the present invention. In thisembodiment, bus master 606 is configured such that it will always writeinto normal memory (or only may receive an acknowledge from one of busslaves 502 with the associated Address BAR configuration register RA[x]bit set to 0). The RA[x] bit is always set to zero. If bus master 606would receive a request to access the bus with RA[x]=1 then this isdetected and a security violation is reported by for example setting anerror bit. Since the RA[x] is always set to 0, it is guaranteed thatsecure data may not be returned. In this embodiment, bus master 606 maynot access secure memory 608 by forcing the RA[x] bit to be set to 0 anddetecting the request to set RA[x]=1 as a security violation(represented by block 610). In addition, bus master 606 may beconfigured to support both types of accesses, with the forcing logicaccording to the secure or normal type of state the command is issued.Furthermore, 602 represents a chip interconnect, and flow 604 representsRA[8 . . . 63] bits. All other bits of the chip interconnect bus are notdepicted.

FIG. 7 is a block diagram illustrating how a real address bit definingsecure memory may depend on system configuration, in accordance with anembodiment of the present invention. In this embodiment, bit 62 and 63of configuration register 702 is set to 00 for systems in which there isno secure memory at all (represented by 706). If 01 is set the RA[15] isselected as bit for the RA[x] compare (represented by 708). If 10 is setRA[17] is used (represented by 710) and for 11 the RA[19] is used(represented by 710). It is clear to a person of ordinary skill in theart, that this scheme can be extended to more bits or reduced to asingle bit.

FIG. 8 is a block diagram of internal and external components of acomputer system 900, which is representative the computer systems ofFIG. 1, in accordance with an embodiment of the present invention. Itshould be appreciated that FIG. 8 provides only an illustration of oneimplementation and does not imply any limitations with regard to theenvironments in which different embodiments may be implemented. Ingeneral, the components illustrated in FIG. 8 are representative of anyelectronic device capable of executing machine-readable programinstructions. Examples of computer systems, environments, and/orconfigurations that may be represented by the components illustrated inFIG. 8 include, but are not limited to, personal computer systems,server computer systems, thin clients, thick clients, laptop computersystems, tablet computer systems, cellular telephones (e.g., smartphones), multiprocessor systems, microprocessor-based systems, networkPCs, minicomputer systems, mainframe computer systems, and distributedcognitive computing environments that include any of the above systemsor devices.

Computer system 900 includes communications fabric 902, which providesfor communications between one or more processors 904, memory 906,persistent storage 908, communications unit 912, and one or moreinput/output (I/O) interfaces 914. Communications fabric 902 can beimplemented with any architecture designed for passing data and/orcontrol information between processors (such as microprocessors,communications and network processors, etc.), system memory, peripheraldevices, and any other hardware components within a system. For example,communications fabric 902 can be implemented with one or more buses.

Memory 906 and persistent storage 908 are computer-readable storagemedia. In this embodiment, memory 506 includes random access memory(RAM) 916 and cache memory 918. In general, memory 906 can include anysuitable volatile or non-volatile computer-readable storage media.Software is stored in persistent storage 908 for execution and/or accessby one or more of the respective processors 904 via one or more memoriesof memory 906.

Persistent storage 908 may include, for example, a plurality of magnetichard disk drives. Alternatively, or in addition to magnetic hard diskdrives, persistent storage 908 can include one or more solid state harddrives, semiconductor storage devices, read-only memories (ROM),erasable programmable read-only memories (EPROM), flash memories, or anyother computer-readable storage media that is capable of storing programinstructions or digital information.

The media used by persistent storage 908 can also be removable. Forexample, a removable hard drive can be used for persistent storage 908.Other examples include optical and magnetic disks, thumb drives, andsmart cards that are inserted into a drive for transfer onto anothercomputer-readable storage medium that is also part of persistent storage908.

Communications unit 912 provides for communications with other computersystems or devices via a network. In this exemplary embodiment,communications unit 912 includes network adapters or interfaces such asa TCP/IP adapter cards, wireless Wi-Fi interface cards, or 3G or 4Gwireless interface cards or other wired or wireless communication links.The network can comprise, for example, copper wires, optical fibers,wireless transmission, routers, firewalls, switches, gateway computersand/or edge servers. Software and data used to practice embodiments ofthe present invention can be downloaded through communications unit 912(e.g., via the Internet, a local area network or other wide areanetwork). From communications unit 912, the software and data can beloaded onto persistent storage 908.

One or more I/O interfaces 914 allow for input and output of data withother devices that may be connected to computer system 900. For example,I/O interface 914 can provide a connection to one or more externaldevices 920, such as a keyboard, computer mouse, touch screen, virtualkeyboard, touch pad, pointing device, or other human interface devices.External devices 920 can also include portable computer-readable storagemedia such as, for example, thumb drives, portable optical or magneticdisks, and memory cards. I/O interface 914 also connects to display 922.

Display 922 provides a mechanism to display data to a user and can be,for example, a computer monitor. Display 922 can also be an incorporateddisplay and may function as a touch screen, such as a built-in displayof a tablet computer.

Referring now to FIG. 9, illustrative cognitive computing environment 50is depicted. As shown, cognitive computing environment 50 comprises oneor more cloud computing nodes 10 with which local computing devices usedby cloud consumers, such as, for example, personal digital assistant(PDA) or cellular telephone 54A, desktop computer 54B, laptop computer54C, and/or automobile computer system 54N may communicate. Nodes 10 maycommunicate with one another. They may be grouped (not shown) physicallyor virtually, in one or more networks, such as Private, Community,Public, or Hybrid clouds as described hereinabove, or a combinationthereof. This allows cognitive computing environment 50 to offerinfrastructure, platforms and/or software as services for which a cloudconsumer does not need to maintain resources on a local computingdevice. The types of computing devices 54A-N shown in FIG. 9 areintended to be illustrative only and that cloud computing nodes 10 andcognitive computing environment 50 can communicate with any type ofcomputerized device over any type of network and/or network addressableconnection (e.g., using a web browser).

Referring now to FIG. 10, a set of functional abstraction layersprovided by cognitive computing environment 50 (FIG. 9) is shown. Thecomponents, layers, and functions shown in FIG. 10 are intended to beillustrative only and embodiments of the invention are not limitedthereto. As depicted, the following layers and corresponding functionsare provided:

Hardware and software layer 60 includes hardware and softwarecomponents. Examples of hardware components include: mainframes 61; RISC(Reduced Instruction Set Computer) architecture based servers 62;servers 63; blade servers 64; storage devices 65; and networks andnetworking components 66. In some embodiments, software componentsinclude network application server software 67 and database software 68.

Virtualization layer 70 provides an abstraction layer from which thefollowing examples of virtual entities may be provided: virtual servers71; virtual storage 72; virtual networks 73, including virtual privatenetworks; virtual applications and operating systems 74; and virtualclients 75.

In one example, management layer 80 may provide the functions describedbelow. Resource provisioning 81 provides dynamic procurement ofcomputing resources and other resources that are utilized to performtasks within the cognitive computing environment. Metering and Pricing82 provide cost tracking as resources are utilized within the cognitivecomputing environment, and billing or invoicing for consumption of theseresources. In one example, these resources may comprise applicationsoftware licenses. Security provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.User portal 83 provides access to the cognitive computing environmentfor consumers and system administrators. Service level management 84provides cloud computing resource allocation and management such thatrequired service levels are met. Service Level Agreement (SLA) planningand fulfillment 85 provide pre-arrangement for, and procurement of,cloud computing resources for which a future requirement is anticipatedin accordance with an SLA.

Workloads layer 90 provides examples of functionality for which thecognitive computing environment may be utilized. Examples of workloadsand functions which may be provided from this layer include: mapping andnavigation 91; software development and lifecycle management 92; virtualclassroom education delivery 93; data analytics processing 94;transaction processing 95; and appetite improvement system 96.

The present invention may be a system, a method, and/or a computerprogram product. The computer program product may include a computerreadable storage medium (or media) having computer readable programinstructions thereon for causing a processor to carry out aspects of thepresent invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, or either source code or object code written in anycombination of one or more programming languages, including an objectoriented programming language such as Smalltalk, C++ or the like, andconventional procedural programming languages, such as the “C”programming language or similar programming languages. The computerreadable program instructions may execute entirely on the user'scomputer, partly on the user's computer, as a stand-alone softwarepackage, partly on the user's computer and partly on a remote computeror entirely on the remote computer or server. In the latter scenario,the remote computer may be connected to the user's computer through anytype of network, including a local area network (LAN) or a wide areanetwork (WAN), or the connection may be made to an external computer(for example, through the Internet using an Internet Service Provider).In some embodiments, electronic circuitry including, for example,programmable logic circuitry, field-programmable gate arrays (FPGA), orprogrammable logic arrays (PLA) may execute the computer readableprogram instructions by utilizing state information of the computerreadable program instructions to personalize the electronic circuitry,in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general-purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the block may occur out of theorder noted in the Figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

It is understood in advance that although this disclosure includes adetailed description on cloud computing, implementation of the teachingsrecited herein are not limited to a cognitive computing environment.Rather, embodiments of the present invention are capable of beingimplemented in conjunction with any other type of computing environmentnow known or later developed.

Cloud computing is a model of service delivery for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g. networks, network bandwidth, servers, processing,memory, storage, applications, virtual machines, and services) that canbe rapidly provisioned and released with minimal management effort orinteraction with a provider of the service. This cloud model may includeat least five characteristics, at least three service models, and atleast four deployment models.

Characteristics are as follows:

On-demand self-service: a cloud consumer can unilaterally provisioncomputing capabilities, such as server time and network storage, asneeded automatically without requiring human interaction with theservice's provider.

Broad network access: capabilities are available over a network andaccessed through standard mechanisms that promote use by heterogeneousthin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to servemultiple consumers using a multi-tenant model, with different physicaland virtual resources dynamically assigned and reassigned according todemand. There is a sense of location independence in that the consumergenerally has no control or knowledge over the exact location of theprovided resources but may be able to specify location at a higher levelof abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time.

Measured service: cloud systems automatically control and optimizeresource use by leveraging a metering capability at some level ofabstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported providing transparency for both theprovider and consumer of the utilized service.

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer isto use the provider's applications running on a cloud infrastructure.The applications are accessible from various client devices through athin client interface such as a web browser (e.g., web-based e-mail).The consumer does not manage or control the underlying cloudinfrastructure including network, servers, operating systems, storage,or even individual application capabilities, with the possible exceptionof limited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer isto deploy onto the cloud infrastructure consumer-created or acquiredapplications created using programming languages and tools supported bythe provider. The consumer does not manage or control the underlyingcloud infrastructure including networks, servers, operating systems, orstorage, but has control over the deployed applications and possiblyapplication hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to theconsumer is to provision processing, storage, networks, and otherfundamental computing resources where the consumer is able to deploy andrun arbitrary software, which can include operating systems andapplications. The consumer does not manage or control the underlyingcloud infrastructure but has control over operating systems, storage,deployed applications, and possibly limited control of select networkingcomponents (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated solely for anorganization. It may be managed by the organization or a third party andmay exist on-premises or off-premises.

Community cloud: the cloud infrastructure is shared by severalorganizations and supports a specific community that has shared concerns(e.g., mission, security requirements, policy, and complianceconsiderations). It may be managed by the organizations or a third partyand may exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the generalpublic or a large industry group and is owned by an organization sellingcloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or moreclouds (private, community, or public) that remain unique entities butare bound together by standardized or proprietary technology thatenables data and application portability (e.g., cloud bursting forload-balancing between clouds). A cognitive computing environment isservice oriented with a focus on statelessness, low coupling,modularity, and semantic interoperability. At the heart of cloudcomputing is an infrastructure comprising a network of interconnectednodes.

The descriptions of the various embodiments of the present inventionhave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the invention.The terminology used herein was chosen to best explain the principles ofthe embodiment, the practical application or technical improvement overtechnologies found in the marketplace, or to enable others of ordinaryskill in the art to understand the embodiments disclosed herein.

What is claimed is:
 1. A computer implemented method comprising:processing, by one or more computer processors, data in a first mode anda second mode, wherein a data processing unit sends commands to a chipinterconnect bus using real addresses; wherein the chip interconnect bustransports a number of bits for the real addresses; wherein the chipinterconnect bus is larger than a number of bits needed for a maximummemory range supported by the computer system; wherein a first portionof the bits for real addresses which are not in the range of thesupported maximum memory range is used to indicate whether to operate inthe first mode or the second mode creating a memory address hole, andwherein a memory controller operatively coupled to a memory component;specifying, by the one or more computer processors, a secure memoryrange by using range registers; responsive to determining that the realaddress is detected to be in the secure memory range to match a memorycomponent address, setting, by the one or more computer processors, areal address bit; and responsive to determining that the real address isin the memory address hole, detecting, by the one or more computerprocessors, a security access violation.
 2. The method of claim 1,wherein the chip interconnect bus operatively coupled to bus slaveswhich are parts of a secure memory or a normal memory, in accordancewith the each of the bus slaves trusted or non-trusted functionalityspecified by the real address bit stored in a register.
 3. The method ofclaim 2, further comprising: responsive to determining that the realaddress bit is set to a first value, restricting, by the one or morecomputer processors, one of the bus slaves from accessing the securememory and detect the security access violation.
 4. The method of claim1, wherein the computer system includes a configuration register toselect the bits of the real addresses, based on the computer systemmemory configuration.
 5. The method of claim 1, wherein the first modeis a normal operation mode and the second mode is a secure operationmode.
 6. The method of claim 1, wherein the memory component includesdual in-line memory modules (DIMMs), and wherein the memory componentincludes at least one of: a direct attached memory component and amemory buffer chip.
 7. The method of claim 4, wherein the computersystem memory configuration is selected from a plurality memoryconfigurations, and wherein one of the plurality of memoryconfigurations does not include a secure memory.
 8. The method of claim3, further comprising: writing into the normal memory, wherein a busmaster is a component of a base address register and modified to sendcommands to the chip interconnect bus, and wherein the bus slavesrespond to the commands; responsive to an untrusted block initiating thecommands, setting one of the bits for the real address to the firstvalue; and responsive to the untrusted block attempting to access securecomponents, reporting, by the one or more computer processors, an error.9. A non-transitory computer program product comprising: a dataprocessing unit to process data in a first mode and a second mode, andto send commands to a chip interconnect bus using real addresses;wherein the chip interconnect bus transports a number of bits for thereal addresses; wherein the chip interconnect bus is larger than anumber of bits needed for a maximum memory range supported by thecomputer system; wherein a first portion of the bits for real addresseswhich are not in the range of the supported maximum memory range is usedto indicate whether to operate in the first mode or the second modecreating a memory address hole; a memory controller operatively coupledto a memory component; one or more computer readable storage media; andprogram instructions stored on the one or more computer readable storagemedia for execution by one or more computer processors, the programinstructions comprising: program instructions to specify a secure memoryrange by using range registers; program instructions to, responsive todetermining that the real address is detected to be in the secure memoryrange to match a memory component address, set a real address bit; andprogram instructions to, responsive to determining that the real addressis in the memory address hole, detect a security access violation. 10.The computer program product of claim 9, wherein the chip interconnectbus operatively coupled to bus slaves which are parts of a secure memoryor a normal memory, in accordance with the each of the bus slavestrusted or non-trusted functionality specified by the real address bitstored in a register.
 11. The computer program product of claim 10,wherein the program instructions stored on the one or more computerreadable storage media further comprise: program instructions to,responsive to determining that the real address bit is set to a firstvalue, restrict one of the bus slaves from accessing the secure memoryand detect the security access violation.
 12. The computer programproduct of claim 9, wherein the computer system includes a configurationregister to select the bits of the real addresses, based on the computersystem memory configuration.
 13. The computer program product of claim9, wherein the first mode is a normal operation mode and the second modeis a secure operation mode.
 14. The computer program product of claim 9,wherein the memory component includes dual in-line memory modules(DIMMs), and wherein the memory component includes at least one of: adirect attached memory component and a memory buffer chip.
 15. Thecomputer program product of claim 12, wherein the computer system memoryconfiguration is selected from a plurality memory configurations, andwherein one of the plurality of memory configurations does not include asecure memory.
 16. The computer program product of claim 11, wherein theprogram instructions stored on the one or more computer readable storagemedia further comprise: a bus master operated, by the processor, towrite into the normal memory, wherein the bus master is a component of abase address register and modified to send commands to the chipinterconnect bus, and wherein the bus slaves respond to the commands;responsive to an untrusted block initiating the commands, the bus masteroperated, by the processor, to set one of the bits for the real addressto the first value; and responsive to the untrusted block attempting toaccess secure components, reporting an error.
 17. A computer system forsecure execution of virtual machines, the computer system comprising:one or more processors, one or more computer-readable memories, one ormore computer-readable tangible storage medium, and program instructionsstored on at least one of the one or more tangible storage medium forexecution by at least one of the one or more processors via at least oneof the one or more memories, wherein the computer system is capable ofperforming a method comprising: processing, by one or more computerprocessors, data in a first mode and a second mode, wherein a dataprocessing unit sends commands to a chip interconnect bus using realaddresses; wherein the chip interconnect bus transports a number of bitsfor the real addresses; wherein the chip interconnect bus is larger thana number of bits needed for a maximum memory range supported by thecomputer system; wherein a first portion of the bits for real addresseswhich are not in the range of the supported maximum memory range is usedto indicate whether to operate in the first mode or the second modecreating a memory address hole, and wherein a memory controlleroperatively coupled to a memory component; specifying, by the one ormore computer processors, a secure memory range by using rangeregisters; responsive to determining that the real address is detectedto be in the secure memory range to match a memory component address,setting, by the one or more computer processors, a real address bit; andresponsive to determining that the real address is in the memory addresshole, detecting, by the one or more computer processors, a securityaccess violation.
 18. The computer system of claim 17, wherein the chipinterconnect bus operatively coupled to bus slaves which are parts of asecure memory or a normal memory, in accordance with the each of the busslaves trusted or non-trusted functionality specified by the realaddress bit stored in a register.
 19. The computer system of claim 17,further comprising: responsive to determining that the real address bitis set to a first value, restricting, by the one or more computerprocessors, one of the bus slaves from accessing the secure memory anddetect the security access violation.
 20. The computer system of claim17, wherein the computer system includes a configuration register toselect the bits of the real addresses, based on the computer systemmemory configuration.